PageRenderTime 64ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/phpBB/includes/functions_user.php

https://github.com/Jipem/phpbb
PHP | 3532 lines | 2520 code | 532 blank | 480 comment | 457 complexity | 629b01b9312af82127b02b77723a871c MD5 | raw file
Possible License(s): AGPL-1.0

Large files files are truncated, but you can click here to view the full file

    

  1. <?php
    2. 

  2. /**
    3. 

  3. *
    4. 

  4. * This file is part of the phpBB Forum Software package.
    5. 

  5. *
    6. 

  6. * @copyright (c) phpBB Limited <https://www.phpbb.com>
    7. 

  7. * @license GNU General Public License, version 2 (GPL-2.0)
    8. 

  8. *
    9. 

  9. * For full copyright and license information, please see
    10. 

  10. * the docs/CREDITS.txt file.
    11. 

  11. *
    12. 

  12. */
    13. 

  13. 

  14. /**
    15. 

  15. * @ignore
    16. 

  16. */
    17. 

  17. if (!defined('IN_PHPBB'))
    18. 

  18. {
    19. 

  19. 	exit;
    20. 

  20. }
    21. 

  21. 

  22. /**
    23. 

  23. * Obtain user_ids from usernames or vice versa. Returns false on
    24. 

  24. * success else the error string
    25. 

  25. *
    26. 

  26. * @param array &$user_id_ary The user ids to check or empty if usernames used
    27. 

  27. * @param array &$username_ary The usernames to check or empty if user ids used
    28. 

  28. * @param mixed $user_type Array of user types to check, false if not restricting by user type
    29. 

  29. */
    30. 

  30. function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
    31. 

  31. {
    32. 

  32. 	global $db;
    33. 

  33. 

  34. 	// Are both arrays already filled? Yep, return else
    35. 

  35. 	// are neither array filled?
    36. 

  36. 	if ($user_id_ary && $username_ary)
    37. 

  37. 	{
    38. 

  38. 		return false;
    39. 

  39. 	}
    40. 

  40. 	else if (!$user_id_ary && !$username_ary)
    41. 

  41. 	{
    42. 

  42. 		return 'NO_USERS';
    43. 

  43. 	}
    44. 

  44. 

  45. 	$which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
    46. 

  46. 

  47. 	if ($$which_ary && !is_array($$which_ary))
    48. 

  48. 	{
    49. 

  49. 		$$which_ary = array($$which_ary);
    50. 

  50. 	}
    51. 

  51. 

  52. 	$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
    53. 

  53. 	unset($$which_ary);
    54. 

  54. 

  55. 	$user_id_ary = $username_ary = array();
    56. 

  56. 

  57. 	// Grab the user id/username records
    58. 

  58. 	$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
    59. 

  59. 	$sql = 'SELECT user_id, username
    60. 

  60. 		FROM ' . USERS_TABLE . '
    61. 

  61. 		WHERE ' . $db->sql_in_set($sql_where, $sql_in);
    62. 

    63. 

  63. 	if ($user_type !== false && !empty($user_type))
    64. 

  64. 	{
    65. 

  65. 		$sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
    66. 

  66. 	}
    67. 

  67. 

  68. 	$result = $db->sql_query($sql);
    69. 

  69. 

  70. 	if (!($row = $db->sql_fetchrow($result)))
    71. 

  71. 	{
    72. 

  72. 		$db->sql_freeresult($result);
    73. 

  73. 		return 'NO_USERS';
    74. 

  74. 	}
    75. 

  75. 

  76. 	do
    77. 

  77. 	{
    78. 

  78. 		$username_ary[$row['user_id']] = $row['username'];
    79. 

  79. 		$user_id_ary[] = $row['user_id'];
    80. 

  80. 	}
    81. 

  81. 	while ($row = $db->sql_fetchrow($result));
    82. 

  82. 	$db->sql_freeresult($result);
    83. 

  83. 

  84. 	return false;
    85. 

  85. }
    86. 

  86. 

  87. /**
    88. 

  88. * Get latest registered username and update database to reflect it
    89. 

  89. */
    90. 

  90. function update_last_username()
    91. 

  91. {
    92. 

  92. 	global $db;
    93. 

  93. 

  94. 	// Get latest username
    95. 

  95. 	$sql = 'SELECT user_id, username, user_colour
    96. 

  96. 		FROM ' . USERS_TABLE . '
    97. 

  97. 		WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
    98. 

  98. 		ORDER BY user_id DESC';
    99. 

  99. 	$result = $db->sql_query_limit($sql, 1);
    100. 

  100. 	$row = $db->sql_fetchrow($result);
    101. 

  101. 	$db->sql_freeresult($result);
    102. 

  102. 

  103. 	if ($row)
    104. 

  104. 	{
    105. 

  105. 		set_config('newest_user_id', $row['user_id'], true);
    106. 

  106. 		set_config('newest_username', $row['username'], true);
    107. 

  107. 		set_config('newest_user_colour', $row['user_colour'], true);
    108. 

  108. 	}
    109. 

  109. }
    110. 

  110. 

  111. /**
    112. 

  112. * Updates a username across all relevant tables/fields
    113. 

  113. *
    114. 

  114. * @param string $old_name the old/current username
    115. 

  115. * @param string $new_name the new username
    116. 

  116. */
    117. 

  117. function user_update_name($old_name, $new_name)
    118. 

  118. {
    119. 

  119. 	global $config, $db, $cache, $phpbb_dispatcher;
    120. 

  120. 

  121. 	$update_ary = array(
    122. 

  122. 		FORUMS_TABLE			=> array('forum_last_poster_name'),
    123. 

  123. 		MODERATOR_CACHE_TABLE	=> array('username'),
    124. 

  124. 		POSTS_TABLE				=> array('post_username'),
    125. 

  125. 		TOPICS_TABLE			=> array('topic_first_poster_name', 'topic_last_poster_name'),
    126. 

  126. 	);
    127. 

  127. 

  128. 	foreach ($update_ary as $table => $field_ary)
    129. 

  129. 	{
    130. 

  130. 		foreach ($field_ary as $field)
    131. 

  131. 		{
    132. 

  132. 			$sql = "UPDATE $table
    133. 

  133. 				SET $field = '" . $db->sql_escape($new_name) . "'
    134. 

  134. 				WHERE $field = '" . $db->sql_escape($old_name) . "'";
    135. 

  135. 			$db->sql_query($sql);
    136. 

  136. 		}
    137. 

  137. 	}
    138. 

  138. 

  139. 	if ($config['newest_username'] == $old_name)
    140. 

  140. 	{
    141. 

  141. 		set_config('newest_username', $new_name, true);
    142. 

  142. 	}
    143. 

  143. 

  144. 	/**
    145. 

  145. 	* Update a username when it is changed
    146. 

  146. 	*
    147. 

  147. 	* @event core.update_username
    148. 

  148. 	* @var	string	old_name	The old username that is replaced
    149. 

  149. 	* @var	string	new_name	The new username
    150. 

  150. 	* @since 3.1.0-a1
    151. 

  151. 	*/
    152. 

  152. 	$vars = array('old_name', 'new_name');
    153. 

  153. 	extract($phpbb_dispatcher->trigger_event('core.update_username', compact($vars)));
    154. 

  154. 

  155. 	// Because some tables/caches use username-specific data we need to purge this here.
    156. 

  156. 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
    157. 

  157. }
    158. 

  158. 

  159. /**
    160. 

  160. * Adds an user
    161. 

  161. *
    162. 

  162. * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
    163. 

  163. * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
    164. 

  164. * @return the new user's ID.
    165. 

  165. */
    166. 

  166. function user_add($user_row, $cp_data = false)
    167. 

  167. {
    168. 

  168. 	global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
    169. 

  169. 	global $phpbb_dispatcher, $phpbb_container;
    170. 

  170. 

  171. 	if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
    172. 

  172. 	{
    173. 

  173. 		return false;
    174. 

  174. 	}
    175. 

  175. 

  176. 	$username_clean = utf8_clean_string($user_row['username']);
    177. 

  177. 

  178. 	if (empty($username_clean))
    179. 

  179. 	{
    180. 

  180. 		return false;
    181. 

  181. 	}
    182. 

  182. 

  183. 	$sql_ary = array(
    184. 

  184. 		'username'			=> $user_row['username'],
    185. 

  185. 		'username_clean'	=> $username_clean,
    186. 

  186. 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
    187. 

  187. 		'user_email'		=> strtolower($user_row['user_email']),
    188. 

  188. 		'user_email_hash'	=> phpbb_email_hash($user_row['user_email']),
    189. 

  189. 		'group_id'			=> $user_row['group_id'],
    190. 

  190. 		'user_type'			=> $user_row['user_type'],
    191. 

  191. 	);
    192. 

  192. 

  193. 	// These are the additional vars able to be specified
    194. 

  194. 	$additional_vars = array(
    195. 

  195. 		'user_permissions'	=> '',
    196. 

  196. 		'user_timezone'		=> $config['board_timezone'],
    197. 

  197. 		'user_dateformat'	=> $config['default_dateformat'],
    198. 

  198. 		'user_lang'			=> $config['default_lang'],
    199. 

  199. 		'user_style'		=> (int) $config['default_style'],
    200. 

  200. 		'user_actkey'		=> '',
    201. 

  201. 		'user_ip'			=> '',
    202. 

  202. 		'user_regdate'		=> time(),
    203. 

  203. 		'user_passchg'		=> time(),
    204. 

  204. 		'user_options'		=> 230271,
    205. 

  205. 		// We do not set the new flag here - registration scripts need to specify it
    206. 

  206. 		'user_new'			=> 0,
    207. 

  207. 

  208. 		'user_inactive_reason'	=> 0,
    209. 

  209. 		'user_inactive_time'	=> 0,
    210. 

  210. 		'user_lastmark'			=> time(),
    211. 

  211. 		'user_lastvisit'		=> 0,
    212. 

  212. 		'user_lastpost_time'	=> 0,
    213. 

  213. 		'user_lastpage'			=> '',
    214. 

  214. 		'user_posts'			=> 0,
    215. 

  215. 		'user_colour'			=> '',
    216. 

  216. 		'user_avatar'			=> '',
    217. 

  217. 		'user_avatar_type'		=> '',
    218. 

  218. 		'user_avatar_width'		=> 0,
    219. 

  219. 		'user_avatar_height'	=> 0,
    220. 

  220. 		'user_new_privmsg'		=> 0,
    221. 

  221. 		'user_unread_privmsg'	=> 0,
    222. 

  222. 		'user_last_privmsg'		=> 0,
    223. 

  223. 		'user_message_rules'	=> 0,
    224. 

  224. 		'user_full_folder'		=> PRIVMSGS_NO_BOX,
    225. 

  225. 		'user_emailtime'		=> 0,
    226. 

  226. 

  227. 		'user_notify'			=> 0,
    228. 

  228. 		'user_notify_pm'		=> 1,
    229. 

  229. 		'user_notify_type'		=> NOTIFY_EMAIL,
    230. 

  230. 		'user_allow_pm'			=> 1,
    231. 

  231. 		'user_allow_viewonline'	=> 1,
    232. 

  232. 		'user_allow_viewemail'	=> 1,
    233. 

  233. 		'user_allow_massemail'	=> 1,
    234. 

  234. 

  235. 		'user_sig'					=> '',
    236. 

  236. 		'user_sig_bbcode_uid'		=> '',
    237. 

  237. 		'user_sig_bbcode_bitfield'	=> '',
    238. 

  238. 

  239. 		'user_form_salt'			=> unique_id(),
    240. 

  240. 	);
    241. 

  241. 

  242. 	// Now fill the sql array with not required variables
    243. 

  243. 	foreach ($additional_vars as $key => $default_value)
    244. 

  244. 	{
    245. 

  245. 		$sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
    246. 

  246. 	}
    247. 

  247. 

  248. 	// Any additional variables in $user_row not covered above?
    249. 

  249. 	$remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
    250. 

  250. 

  251. 	// Now fill our sql array with the remaining vars
    252. 

  252. 	if (sizeof($remaining_vars))
    253. 

  253. 	{
    254. 

  254. 		foreach ($remaining_vars as $key)
    255. 

  255. 		{
    256. 

  256. 			$sql_ary[$key] = $user_row[$key];
    257. 

  257. 		}
    258. 

  258. 	}
    259. 

  259. 

  260. 	/**
    261. 

  261. 	* Use this event to modify the values to be inserted when a user is added
    262. 

  262. 	*
    263. 

  263. 	* @event core.user_add_modify_data
    264. 

  264. 	* @var array	sql_ary		Array of data to be inserted when a user is added
    265. 

  265. 	* @since 3.1.0-a1
    266. 

  266. 	*/
    267. 

  267. 	$vars = array('sql_ary');
    268. 

  268. 	extract($phpbb_dispatcher->trigger_event('core.user_add_modify_data', compact($vars)));
    269. 

  269. 

  270. 	$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
    271. 

  271. 	$db->sql_query($sql);
    272. 

  272. 

  273. 	$user_id = $db->sql_nextid();
    274. 

  274. 

  275. 	// Insert Custom Profile Fields
    276. 

  276. 	if ($cp_data !== false && sizeof($cp_data))
    277. 

  277. 	{
    278. 

  278. 		$cp_data['user_id'] = (int) $user_id;
    279. 

  279. 

  280. 		$cp = $phpbb_container->get('profilefields.manager');
    281. 

  281. 		$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
    282. 

  282. 			$db->sql_build_array('INSERT', $cp->build_insert_sql_array($cp_data));
    283. 

  283. 		$db->sql_query($sql);
    284. 

  284. 	}
    285. 

  285. 

  286. 	// Place into appropriate group...
    287. 

  287. 	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
    288. 

  288. 		'user_id'		=> (int) $user_id,
    289. 

  289. 		'group_id'		=> (int) $user_row['group_id'],
    290. 

  290. 		'user_pending'	=> 0)
    291. 

  291. 	);
    292. 

  292. 	$db->sql_query($sql);
    293. 

  293. 

  294. 	// Now make it the users default group...
    295. 

  295. 	group_set_user_default($user_row['group_id'], array($user_id), false);
    296. 

  296. 

  297. 	// Add to newly registered users group if user_new is 1
    298. 

  298. 	if ($config['new_member_post_limit'] && $sql_ary['user_new'])
    299. 

  299. 	{
    300. 

  300. 		$sql = 'SELECT group_id
    301. 

  301. 			FROM ' . GROUPS_TABLE . "
    302. 

  302. 			WHERE group_name = 'NEWLY_REGISTERED'
    303. 

  303. 				AND group_type = " . GROUP_SPECIAL;
    304. 

  304. 		$result = $db->sql_query($sql);
    305. 

  305. 		$add_group_id = (int) $db->sql_fetchfield('group_id');
    306. 

  306. 		$db->sql_freeresult($result);
    307. 

  307. 

  308. 		if ($add_group_id)
    309. 

  309. 		{
    310. 

  310. 			global $phpbb_log;
    311. 

  311. 

  312. 			// Because these actions only fill the log unneccessarily we skip the add_log() entry.
    313. 

  313. 			$phpbb_log->disable('admin');
    314. 

  314. 

  315. 			// Add user to "newly registered users" group and set to default group if admin specified so.
    316. 

  316. 			if ($config['new_member_group_default'])
    317. 

  317. 			{
    318. 

  318. 				group_user_add($add_group_id, $user_id, false, false, true);
    319. 

  319. 				$user_row['group_id'] = $add_group_id;
    320. 

  320. 			}
    321. 

  321. 			else
    322. 

  322. 			{
    323. 

  323. 				group_user_add($add_group_id, $user_id);
    324. 

  324. 			}
    325. 

  325. 

  326. 			$phpbb_log->enable('admin');
    327. 

  327. 		}
    328. 

  328. 	}
    329. 

  329. 

  330. 	// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
    331. 

  331. 	if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)
    332. 

  332. 	{
    333. 

  333. 		set_config('newest_user_id', $user_id, true);
    334. 

  334. 		set_config('newest_username', $user_row['username'], true);
    335. 

  335. 		set_config_count('num_users', 1, true);
    336. 

  336. 

  337. 		$sql = 'SELECT group_colour
    338. 

  338. 			FROM ' . GROUPS_TABLE . '
    339. 

  339. 			WHERE group_id = ' . (int) $user_row['group_id'];
    340. 

  340. 		$result = $db->sql_query_limit($sql, 1);
    341. 

  341. 		$row = $db->sql_fetchrow($result);
    342. 

  342. 		$db->sql_freeresult($result);
    343. 

  343. 

  344. 		set_config('newest_user_colour', $row['group_colour'], true);
    345. 

  345. 	}
    346. 

  346. 

  347. 	return $user_id;
    348. 

  348. }
    349. 

  349. 

  350. /**
    351. 

  351. * Remove User
    352. 

  352. * @param $mode Either 'retain' or 'remove'
    353. 

  353. */
    354. 

  354. function user_delete($mode, $user_ids, $retain_username = true)
    355. 

  355. {
    356. 

  356. 	global $cache, $config, $db, $user, $auth, $phpbb_dispatcher;
    357. 

  357. 	global $phpbb_root_path, $phpEx;
    358. 

  358. 

  359. 	$db->sql_transaction('begin');
    360. 

  360. 

  361. 	$user_rows = array();
    362. 

  362. 	if (!is_array($user_ids))
    363. 

  363. 	{
    364. 

  364. 		$user_ids = array($user_ids);
    365. 

  365. 	}
    366. 

  366. 

  367. 	$user_id_sql = $db->sql_in_set('user_id', $user_ids);
    368. 

  368. 

  369. 	$sql = 'SELECT *
    370. 

  370. 		FROM ' . USERS_TABLE . '
    371. 

  371. 		WHERE ' . $user_id_sql;
    372. 

  372. 	$result = $db->sql_query($sql);
    373. 

  373. 	while ($row = $db->sql_fetchrow($result))
    374. 

  374. 	{
    375. 

  375. 		$user_rows[(int) $row['user_id']] = $row;
    376. 

  376. 	}
    377. 

  377. 	$db->sql_freeresult($result);
    378. 

  378. 

  379. 	if (empty($user_rows))
    380. 

  380. 	{
    381. 

  381. 		return false;
    382. 

  382. 	}
    383. 

  383. 

  384. 	/**
    385. 

  385. 	* Event before a user is deleted
    386. 

  386. 	*
    387. 

  387. 	* @event core.delete_user_before
    388. 

  388. 	* @var	string	mode		Mode of deletion (retain/delete posts)
    389. 

  389. 	* @var	array	user_ids	IDs of the deleted user
    390. 

  390. 	* @var	mixed	retain_username	True if username should be retained
    391. 

  391. 	*				or false if not
    392. 

  392. 	* @since 3.1.0-a1
    393. 

  393. 	*/
    394. 

  394. 	$vars = array('mode', 'user_ids', 'retain_username');
    395. 

  395. 	extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));
    396. 

  396. 

  397. 	// Before we begin, we will remove the reports the user issued.
    398. 

  398. 	$sql = 'SELECT r.post_id, p.topic_id
    399. 

  399. 		FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
    400. 

  400. 		WHERE ' . $db->sql_in_set('r.user_id', $user_ids) . '
    401. 

  401. 			AND p.post_id = r.post_id';
    402. 

  402. 	$result = $db->sql_query($sql);
    403. 

  403. 

  404. 	$report_posts = $report_topics = array();
    405. 

  405. 	while ($row = $db->sql_fetchrow($result))
    406. 

  406. 	{
    407. 

  407. 		$report_posts[] = $row['post_id'];
    408. 

  408. 		$report_topics[] = $row['topic_id'];
    409. 

  409. 	}
    410. 

  410. 	$db->sql_freeresult($result);
    411. 

  411. 

  412. 	if (sizeof($report_posts))
    413. 

  413. 	{
    414. 

  414. 		$report_posts = array_unique($report_posts);
    415. 

  415. 		$report_topics = array_unique($report_topics);
    416. 

  416. 

  417. 		// Get a list of topics that still contain reported posts
    418. 

  418. 		$sql = 'SELECT DISTINCT topic_id
    419. 

  419. 			FROM ' . POSTS_TABLE . '
    420. 

  420. 			WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
    421. 

  421. 				AND post_reported = 1
    422. 

  422. 				AND ' . $db->sql_in_set('post_id', $report_posts, true);
    423. 

  423. 		$result = $db->sql_query($sql);
    424. 

  424. 

  425. 		$keep_report_topics = array();
    426. 

  426. 		while ($row = $db->sql_fetchrow($result))
    427. 

  427. 		{
    428. 

  428. 			$keep_report_topics[] = $row['topic_id'];
    429. 

  429. 		}
    430. 

  430. 		$db->sql_freeresult($result);
    431. 

  431. 

  432. 		if (sizeof($keep_report_topics))
    433. 

  433. 		{
    434. 

  434. 			$report_topics = array_diff($report_topics, $keep_report_topics);
    435. 

  435. 		}
    436. 

  436. 		unset($keep_report_topics);
    437. 

  437. 

  438. 		// Now set the flags back
    439. 

  439. 		$sql = 'UPDATE ' . POSTS_TABLE . '
    440. 

  440. 			SET post_reported = 0
    441. 

  441. 			WHERE ' . $db->sql_in_set('post_id', $report_posts);
    442. 

  442. 		$db->sql_query($sql);
    443. 

  443. 

  444. 		if (sizeof($report_topics))
    445. 

  445. 		{
    446. 

  446. 			$sql = 'UPDATE ' . TOPICS_TABLE . '
    447. 

  447. 				SET topic_reported = 0
    448. 

  448. 				WHERE ' . $db->sql_in_set('topic_id', $report_topics);
    449. 

  449. 			$db->sql_query($sql);
    450. 

  450. 		}
    451. 

  451. 	}
    452. 

  452. 

  453. 	// Remove reports
    454. 

  454. 	$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE ' . $user_id_sql);
    455. 

  455. 

  456. 	$num_users_delta = 0;
    457. 

  457. 

  458. 	// Some things need to be done in the loop (if the query changes based
    459. 

  459. 	// on which user is currently being deleted)
    460. 

  460. 	$added_guest_posts = 0;
    461. 

  461. 	foreach ($user_rows as $user_id => $user_row)
    462. 

  462. 	{
    463. 

  463. 		if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == 'avatar.driver.upload')
    464. 

  464. 		{
    465. 

  465. 			avatar_delete('user', $user_row);
    466. 

  466. 		}
    467. 

  467. 

  468. 		// Decrement number of users if this user is active
    469. 

  469. 		if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
    470. 

  470. 		{
    471. 

  471. 			--$num_users_delta;
    472. 

  472. 		}
    473. 

  473. 

  474. 		switch ($mode)
    475. 

  475. 		{
    476. 

  476. 			case 'retain':
    477. 

  477. 				if ($retain_username === false)
    478. 

  478. 				{
    479. 

  479. 					$post_username = $user->lang['GUEST'];
    480. 

  480. 				}
    481. 

  481. 				else
    482. 

  482. 				{
    483. 

  483. 					$post_username = $user_row['username'];
    484. 

  484. 				}
    485. 

  485. 

  486. 				// If the user is inactive and newly registered
    487. 

  487. 				// we assume no posts from the user, and save
    488. 

  488. 				// the queries
    489. 

  489. 				if ($user_row['user_type'] != USER_INACTIVE || $user_row['user_inactive_reason'] != INACTIVE_REGISTER || $user_row['user_posts'])
    490. 

  490. 				{
    491. 

  491. 					// When we delete these users and retain the posts, we must assign all the data to the guest user
    492. 

  492. 					$sql = 'UPDATE ' . FORUMS_TABLE . '
    493. 

  493. 						SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
    494. 

  494. 						WHERE forum_last_poster_id = $user_id";
    495. 

  495. 					$db->sql_query($sql);
    496. 

  496. 

  497. 					$sql = 'UPDATE ' . POSTS_TABLE . '
    498. 

  498. 						SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
    499. 

  499. 						WHERE poster_id = $user_id";
    500. 

  500. 					$db->sql_query($sql);
    501. 

  501. 

  502. 					$sql = 'UPDATE ' . TOPICS_TABLE . '
    503. 

  503. 						SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
    504. 

  504. 						WHERE topic_poster = $user_id";
    505. 

  505. 					$db->sql_query($sql);
    506. 

  506. 

  507. 					$sql = 'UPDATE ' . TOPICS_TABLE . '
    508. 

  508. 						SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
    509. 

  509. 						WHERE topic_last_poster_id = $user_id";
    510. 

  510. 					$db->sql_query($sql);
    511. 

  511. 

  512. 					// Since we change every post by this author, we need to count this amount towards the anonymous user
    513. 

  513. 

  514. 					if ($user_row['user_posts'])
    515. 

  515. 					{
    516. 

  516. 						$added_guest_posts += $user_row['user_posts'];
    517. 

  517. 					}
    518. 

  518. 				}
    519. 

  519. 			break;
    520. 

  520. 

  521. 			case 'remove':
    522. 

  522. 				// there is nothing variant specific to deleting posts
    523. 

  523. 			break;
    524. 

  524. 		}
    525. 

  525. 	}
    526. 

  526. 

  527. 	if ($num_users_delta != 0)
    528. 

  528. 	{
    529. 

  529. 		set_config_count('num_users', $num_users_delta, true);
    530. 

  530. 	}
    531. 

  531. 

  532. 	// Now do the invariant tasks
    533. 

  533. 	// all queries performed in one call of this function are in a single transaction
    534. 

  534. 	// so this is kosher
    535. 

  535. 	if ($mode == 'retain')
    536. 

  536. 	{
    537. 

  537. 		// Assign more data to the Anonymous user
    538. 

  538. 		$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
    539. 

  539. 			SET poster_id = ' . ANONYMOUS . '
    540. 

  540. 			WHERE ' . $db->sql_in_set('poster_id', $user_ids);
    541. 

  541. 		$db->sql_query($sql);
    542. 

  542. 

  543. 		$sql = 'UPDATE ' . POSTS_TABLE . '
    544. 

  544. 			SET post_edit_user = ' . ANONYMOUS . '
    545. 

  545. 			WHERE ' . $db->sql_in_set('post_edit_user', $user_ids);
    546. 

  546. 		$db->sql_query($sql);
    547. 

  547. 

  548. 		$sql = 'UPDATE ' . USERS_TABLE . '
    549. 

  549. 			SET user_posts = user_posts + ' . $added_guest_posts . '
    550. 

  550. 			WHERE user_id = ' . ANONYMOUS;
    551. 

  551. 		$db->sql_query($sql);
    552. 

  552. 	}
    553. 

  553. 	else if ($mode == 'remove')
    554. 

  554. 	{
    555. 

  555. 		if (!function_exists('delete_posts'))
    556. 

  556. 		{
    557. 

  557. 			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
    558. 

  558. 		}
    559. 

  559. 

  560. 		// Delete posts, attachments, etc.
    561. 

  561. 		// delete_posts can handle any number of IDs in its second argument
    562. 

  562. 		delete_posts('poster_id', $user_ids);
    563. 

  563. 	}
    564. 

  564. 

  565. 	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
    566. 

  566. 

  567. 	// Delete the miscellaneous (non-post) data for the user
    568. 

  568. 	foreach ($table_ary as $table)
    569. 

  569. 	{
    570. 

  570. 		$sql = "DELETE FROM $table
    571. 

  571. 			WHERE " . $user_id_sql;
    572. 

  572. 		$db->sql_query($sql);
    573. 

  573. 	}
    574. 

  574. 

  575. 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
    576. 

  576. 

  577. 	// Delete user log entries about this user
    578. 

  578. 	$sql = 'DELETE FROM ' . LOG_TABLE . '
    579. 

  579. 		WHERE ' . $db->sql_in_set('reportee_id', $user_ids);
    580. 

  580. 	$db->sql_query($sql);
    581. 

  581. 

  582. 	// Change user_id to anonymous for this users triggered events
    583. 

  583. 	$sql = 'UPDATE ' . LOG_TABLE . '
    584. 

  584. 		SET user_id = ' . ANONYMOUS . '
    585. 

  585. 		WHERE ' . $user_id_sql;
    586. 

  586. 	$db->sql_query($sql);
    587. 

  587. 

  588. 	// Delete the user_id from the zebra table
    589. 

  589. 	$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
    590. 

  590. 		WHERE ' . $user_id_sql . '
    591. 

  591. 			OR ' . $db->sql_in_set('zebra_id', $user_ids);
    592. 

  592. 	$db->sql_query($sql);
    593. 

  593. 

  594. 	// Delete the user_id from the banlist
    595. 

  595. 	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
    596. 

  596. 		WHERE ' . $db->sql_in_set('ban_userid', $user_ids);
    597. 

  597. 	$db->sql_query($sql);
    598. 

  598. 

  599. 	// Delete the user_id from the session table
    600. 

  600. 	$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
    601. 

  601. 		WHERE ' . $db->sql_in_set('session_user_id', $user_ids);
    602. 

  602. 	$db->sql_query($sql);
    603. 

  603. 

  604. 	// Clean the private messages tables from the user
    605. 

  605. 	if (!function_exists('phpbb_delete_user_pms'))
    606. 

  606. 	{
    607. 

  607. 		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
    608. 

  608. 	}
    609. 

  609. 	phpbb_delete_users_pms($user_ids);
    610. 

  610. 

  611. 	$db->sql_transaction('commit');
    612. 

  612. 

  613. 	/**
    614. 

  614. 	* Event after a user is deleted
    615. 

  615. 	*
    616. 

  616. 	* @event core.delete_user_after
    617. 

  617. 	* @var	string	mode		Mode of deletion (retain/delete posts)
    618. 

  618. 	* @var	array	user_ids	IDs of the deleted user
    619. 

  619. 	* @var	mixed	retain_username	True if username should be retained
    620. 

  620. 	*				or false if not
    621. 

  621. 	* @since 3.1.0-a1
    622. 

  622. 	*/
    623. 

  623. 	$vars = array('mode', 'user_ids', 'retain_username');
    624. 

  624. 	extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars)));
    625. 

  625. 

  626. 	// Reset newest user info if appropriate
    627. 

  627. 	if (in_array($config['newest_user_id'], $user_ids))
    628. 

  628. 	{
    629. 

  629. 		update_last_username();
    630. 

  630. 	}
    631. 

  631. 

  632. 	return false;
    633. 

  633. }
    634. 

  634. 

  635. /**
    636. 

  636. * Flips user_type from active to inactive and vice versa, handles group membership updates
    637. 

  637. *
    638. 

  638. * @param string $mode can be flip for flipping from active/inactive, activate or deactivate
    639. 

  639. */
    640. 

  640. function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
    641. 

  641. {
    642. 

  642. 	global $config, $db, $user, $auth;
    643. 

  643. 

  644. 	$deactivated = $activated = 0;
    645. 

  645. 	$sql_statements = array();
    646. 

  646. 

  647. 	if (!is_array($user_id_ary))
    648. 

  648. 	{
    649. 

  649. 		$user_id_ary = array($user_id_ary);
    650. 

  650. 	}
    651. 

  651. 

  652. 	if (!sizeof($user_id_ary))
    653. 

  653. 	{
    654. 

  654. 		return;
    655. 

  655. 	}
    656. 

  656. 

  657. 	$sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
    658. 

  658. 		FROM ' . USERS_TABLE . '
    659. 

  659. 		WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
    660. 

  660. 	$result = $db->sql_query($sql);
    661. 

  661. 

  662. 	while ($row = $db->sql_fetchrow($result))
    663. 

  663. 	{
    664. 

  664. 		$sql_ary = array();
    665. 

  665. 

  666. 		if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
    667. 

  667. 			($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
    668. 

  668. 			($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
    669. 

  669. 		{
    670. 

  670. 			continue;
    671. 

  671. 		}
    672. 

  672. 

  673. 		if ($row['user_type'] == USER_INACTIVE)
    674. 

  674. 		{
    675. 

  675. 			$activated++;
    676. 

  676. 		}
    677. 

  677. 		else
    678. 

  678. 		{
    679. 

  679. 			$deactivated++;
    680. 

  680. 

  681. 			// Remove the users session key...
    682. 

  682. 			$user->reset_login_keys($row['user_id']);
    683. 

  683. 		}
    684. 

  684. 

  685. 		$sql_ary += array(
    686. 

  686. 			'user_type'				=> ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
    687. 

  687. 			'user_inactive_time'	=> ($row['user_type'] == USER_NORMAL) ? time() : 0,
    688. 

  688. 			'user_inactive_reason'	=> ($row['user_type'] == USER_NORMAL) ? $reason : 0,
    689. 

  689. 		);
    690. 

  690. 

  691. 		$sql_statements[$row['user_id']] = $sql_ary;
    692. 

  692. 	}
    693. 

  693. 	$db->sql_freeresult($result);
    694. 

  694. 

  695. 	if (sizeof($sql_statements))
    696. 

  696. 	{
    697. 

  697. 		foreach ($sql_statements as $user_id => $sql_ary)
    698. 

  698. 		{
    699. 

  699. 			$sql = 'UPDATE ' . USERS_TABLE . '
    700. 

  700. 				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
    701. 

  701. 				WHERE user_id = ' . $user_id;
    702. 

  702. 			$db->sql_query($sql);
    703. 

  703. 		}
    704. 

  704. 

  705. 		$auth->acl_clear_prefetch(array_keys($sql_statements));
    706. 

  706. 	}
    707. 

  707. 

  708. 	if ($deactivated)
    709. 

  709. 	{
    710. 

  710. 		set_config_count('num_users', $deactivated * (-1), true);
    711. 

  711. 	}
    712. 

  712. 

  713. 	if ($activated)
    714. 

  714. 	{
    715. 

  715. 		set_config_count('num_users', $activated, true);
    716. 

  716. 	}
    717. 

  717. 

  718. 	// Update latest username
    719. 

  719. 	update_last_username();
    720. 

  720. }
    721. 

  721. 

  722. /**
    723. 

  723. * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
    724. 

  724. *
    725. 

  725. * @param string $mode Type of ban. One of the following: user, ip, email
    726. 

  726. * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
    727. 

  727. * @param int $ban_len Ban length in minutes
    728. 

  728. * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
    729. 

  729. * @param boolean $ban_exclude Exclude these entities from banning?
    730. 

  730. * @param string $ban_reason String describing the reason for this ban
    731. 

  731. * @return boolean
    732. 

  732. */
    733. 

  733. function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
    734. 

  734. {
    735. 

  735. 	global $db, $user, $auth, $cache;
    736. 

  736. 

  737. 	// Delete stale bans
    738. 

  738. 	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
    739. 

  739. 		WHERE ban_end < ' . time() . '
    740. 

  740. 			AND ban_end <> 0';
    741. 

  741. 	$db->sql_query($sql);
    742. 

  742. 

  743. 	$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
    744. 

  744. 	$ban_list_log = implode(', ', $ban_list);
    745. 

  745. 

  746. 	$current_time = time();
    747. 

  747. 

  748. 	// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
    749. 

  749. 	if ($ban_len)
    750. 

  750. 	{
    751. 

  751. 		if ($ban_len != -1 || !$ban_len_other)
    752. 

  752. 		{
    753. 

  753. 			$ban_end = max($current_time, $current_time + ($ban_len) * 60);
    754. 

  754. 		}
    755. 

  755. 		else
    756. 

  756. 		{
    757. 

  757. 			$ban_other = explode('-', $ban_len_other);
    758. 

  758. 			if (sizeof($ban_other) == 3 && ((int) $ban_other[0] < 9999) &&
    759. 

  759. 				(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
    760. 

  760. 			{
    761. 

  761. 				$ban_end = max($current_time, $user->create_datetime()
    762. 

  762. 					->setDate((int) $ban_other[0], (int) $ban_other[1], (int) $ban_other[2])
    763. 

  763. 					->setTime(0, 0, 0)
    764. 

  764. 					->getTimestamp() + $user->timezone->getOffset(new DateTime('UTC')));
    765. 

  765. 			}
    766. 

  766. 			else
    767. 

  767. 			{
    768. 

  768. 				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
    769. 

  769. 			}
    770. 

  770. 		}
    771. 

  771. 	}
    772. 

  772. 	else
    773. 

  773. 	{
    774. 

  774. 		$ban_end = 0;
    775. 

  775. 	}
    776. 

  776. 

  777. 	$founder = $founder_names = array();
    778. 

  778. 

  779. 	if (!$ban_exclude)
    780. 

  780. 	{
    781. 

  781. 		// Create a list of founder...
    782. 

  782. 		$sql = 'SELECT user_id, user_email, username_clean
    783. 

  783. 			FROM ' . USERS_TABLE . '
    784. 

  784. 			WHERE user_type = ' . USER_FOUNDER;
    785. 

  785. 		$result = $db->sql_query($sql);
    786. 

  786. 

  787. 		while ($row = $db->sql_fetchrow($result))
    788. 

  788. 		{
    789. 

  789. 			$founder[$row['user_id']] = $row['user_email'];
    790. 

  790. 			$founder_names[$row['user_id']] = $row['username_clean'];
    791. 

  791. 		}
    792. 

  792. 		$db->sql_freeresult($result);
    793. 

  793. 	}
    794. 

  794. 

  795. 	$banlist_ary = array();
    796. 

  796. 

  797. 	switch ($mode)
    798. 

  798. 	{
    799. 

  799. 		case 'user':
    800. 

  800. 			$type = 'ban_userid';
    801. 

  801. 

  802. 			// At the moment we do not support wildcard username banning
    803. 

  803. 

  804. 			// Select the relevant user_ids.
    805. 

  805. 			$sql_usernames = array();
    806. 

  806. 

  807. 			foreach ($ban_list as $username)
    808. 

  808. 			{
    809. 

  809. 				$username = trim($username);
    810. 

  810. 				if ($username != '')
    811. 

  811. 				{
    812. 

  812. 					$clean_name = utf8_clean_string($username);
    813. 

  813. 					if ($clean_name == $user->data['username_clean'])
    814. 

  814. 					{
    815. 

  815. 						trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
    816. 

  816. 					}
    817. 

  817. 					if (in_array($clean_name, $founder_names))
    818. 

  818. 					{
    819. 

  819. 						trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
    820. 

  820. 					}
    821. 

  821. 					$sql_usernames[] = $clean_name;
    822. 

  822. 				}
    823. 

  823. 			}
    824. 

  824. 

  825. 			// Make sure we have been given someone to ban
    826. 

  826. 			if (!sizeof($sql_usernames))
    827. 

  827. 			{
    828. 

  828. 				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
    829. 

  829. 			}
    830. 

  830. 

  831. 			$sql = 'SELECT user_id
    832. 

  832. 				FROM ' . USERS_TABLE . '
    833. 

  833. 				WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
    834. 

    835. 

  835. 			// Do not allow banning yourself, the guest account, or founders.
    836. 

  836. 			$non_bannable = array($user->data['user_id'], ANONYMOUS);
    837. 

  837. 			if (sizeof($founder))
    838. 

  838. 			{
    839. 

  839. 				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
    840. 

  840. 			}
    841. 

  841. 			else
    842. 

  842. 			{
    843. 

  843. 				$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
    844. 

  844. 			}
    845. 

  845. 

  846. 			$result = $db->sql_query($sql);
    847. 

  847. 

  848. 			if ($row = $db->sql_fetchrow($result))
    849. 

  849. 			{
    850. 

  850. 				do
    851. 

  851. 				{
    852. 

  852. 					$banlist_ary[] = (int) $row['user_id'];
    853. 

  853. 				}
    854. 

  854. 				while ($row = $db->sql_fetchrow($result));
    855. 

  855. 			}
    856. 

  856. 			else
    857. 

  857. 			{
    858. 

  858. 				$db->sql_freeresult($result);
    859. 

  859. 				trigger_error('NO_USERS', E_USER_WARNING);
    860. 

  860. 			}
    861. 

  861. 			$db->sql_freeresult($result);
    862. 

  862. 		break;
    863. 

  863. 

  864. 		case 'ip':
    865. 

  865. 			$type = 'ban_ip';
    866. 

  866. 

  867. 			foreach ($ban_list as $ban_item)
    868. 

  868. 			{
    869. 

  869. 				if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
    870. 

  870. 				{
    871. 

  871. 					// This is an IP range
    872. 

  872. 					// Don't ask about all this, just don't ask ... !
    873. 

  873. 					$ip_1_counter = $ip_range_explode[1];
    874. 

  874. 					$ip_1_end = $ip_range_explode[5];
    875. 

  875. 

  876. 					while ($ip_1_counter <= $ip_1_end)
    877. 

  877. 					{
    878. 

  878. 						$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
    879. 

  879. 						$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
    880. 

  880. 

  881. 						if ($ip_2_counter == 0 && $ip_2_end == 254)
    882. 

  882. 						{
    883. 

  883. 							$ip_2_counter = 256;
    884. 

  884. 							$ip_2_fragment = 256;
    885. 

  885. 

  886. 							$banlist_ary[] = "$ip_1_counter.*";
    887. 

  887. 						}
    888. 

  888. 

  889. 						while ($ip_2_counter <= $ip_2_end)
    890. 

  890. 						{
    891. 

  891. 							$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
    892. 

  892. 							$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
    893. 

  893. 

  894. 							if ($ip_3_counter == 0 && $ip_3_end == 254)
    895. 

  895. 							{
    896. 

  896. 								$ip_3_counter = 256;
    897. 

  897. 								$ip_3_fragment = 256;
    898. 

  898. 

  899. 								$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
    900. 

  900. 							}
    901. 

  901. 

  902. 							while ($ip_3_counter <= $ip_3_end)
    903. 

  903. 							{
    904. 

  904. 								$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
    905. 

  905. 								$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
    906. 

  906. 

  907. 								if ($ip_4_counter == 0 && $ip_4_end == 254)
    908. 

  908. 								{
    909. 

  909. 									$ip_4_counter = 256;
    910. 

  910. 									$ip_4_fragment = 256;
    911. 

  911. 

  912. 									$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
    913. 

  913. 								}
    914. 

  914. 

  915. 								while ($ip_4_counter <= $ip_4_end)
    916. 

  916. 								{
    917. 

  917. 									$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
    918. 

  918. 									$ip_4_counter++;
    919. 

  919. 								}
    920. 

  920. 								$ip_3_counter++;
    921. 

  921. 							}
    922. 

  922. 							$ip_2_counter++;
    923. 

  923. 						}
    924. 

  924. 						$ip_1_counter++;
    925. 

  925. 					}
    926. 

  926. 				}
    927. 

  927. 				else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
    928. 

  928. 				{
    929. 

  929. 					// Normal IP address
    930. 

  930. 					$banlist_ary[] = trim($ban_item);
    931. 

  931. 				}
    932. 

  932. 				else if (preg_match('#^\*$#', trim($ban_item)))
    933. 

  933. 				{
    934. 

  934. 					// Ban all IPs
    935. 

  935. 					$banlist_ary[] = '*';
    936. 

  936. 				}
    937. 

  937. 				else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
    938. 

  938. 				{
    939. 

  939. 					// hostname
    940. 

  940. 					$ip_ary = gethostbynamel(trim($ban_item));
    941. 

  941. 

  942. 					if (!empty($ip_ary))
    943. 

  943. 					{
    944. 

  944. 						foreach ($ip_ary as $ip)
    945. 

  945. 						{
    946. 

  946. 							if ($ip)
    947. 

  947. 							{
    948. 

  948. 								if (strlen($ip) > 40)
    949. 

  949. 								{
    950. 

  950. 									continue;
    951. 

  951. 								}
    952. 

  952. 

  953. 								$banlist_ary[] = $ip;
    954. 

  954. 							}
    955. 

  955. 						}
    956. 

  956. 					}
    957. 

  957. 				}
    958. 

  958. 

  959. 				if (empty($banlist_ary))
    960. 

  960. 				{
    961. 

  961. 					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
    962. 

  962. 				}
    963. 

  963. 			}
    964. 

  964. 		break;
    965. 

  965. 

  966. 		case 'email':
    967. 

  967. 			$type = 'ban_email';
    968. 

  968. 

  969. 			foreach ($ban_list as $ban_item)
    970. 

  970. 			{
    971. 

  971. 				$ban_item = trim($ban_item);
    972. 

  972. 

  973. 				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
    974. 

  974. 				{
    975. 

  975. 					if (strlen($ban_item) > 100)
    976. 

  976. 					{
    977. 

  977. 						continue;
    978. 

  978. 					}
    979. 

  979. 

  980. 					if (!sizeof($founder) || !in_array($ban_item, $founder))
    981. 

  981. 					{
    982. 

  982. 						$banlist_ary[] = $ban_item;
    983. 

  983. 					}
    984. 

  984. 				}
    985. 

  985. 			}
    986. 

  986. 

  987. 			if (sizeof($ban_list) == 0)
    988. 

  988. 			{
    989. 

  989. 				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
    990. 

  990. 			}
    991. 

  991. 		break;
    992. 

  992. 

  993. 		default:
    994. 

  994. 			trigger_error('NO_MODE', E_USER_WARNING);
    995. 

  995. 		break;
    996. 

  996. 	}
    997. 

  997. 

  998. 	// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
    999. 

  999. 	$sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
    1000. 

  1000. 

  1001. 	$sql = "SELECT $type
    1002. 

  1002. 		FROM " . BANLIST_TABLE . "
    1003. 

  1003. 		WHERE $sql_where
    1004. 

  1004. 			AND ban_exclude = " . (int) $ban_exclude;
    1005. 

  1005. 	$result = $db->sql_query($sql);
    1006. 

  1006. 

  1007. 	// Reset $sql_where, because we use it later...
    1008. 

  1008. 	$sql_where = '';
    1009. 

  1009. 

  1010. 	if ($row = $db->sql_fetchrow($result))
    1011. 

  1011. 	{
    1012. 

  1012. 		$banlist_ary_tmp = array();
    1013. 

  1013. 		do
    1014. 

  1014. 		{
    1015. 

  1015. 			switch ($mode)
    1016. 

  1016. 			{
    1017. 

  1017. 				case 'user':
    1018. 

  1018. 					$banlist_ary_tmp[] = $row['ban_userid'];
    1019. 

  1019. 				break;
    1020. 

  1020. 

  1021. 				case 'ip':
    1022. 

  1022. 					$banlist_ary_tmp[] = $row['ban_ip'];
    1023. 

  1023. 				break;
    1024. 

  1024. 

  1025. 				case 'email':
    1026. 

  1026. 					$banlist_ary_tmp[] = $row['ban_email'];
    1027. 

  1027. 				break;
    1028. 

  1028. 			}
    1029. 

  1029. 		}
    1030. 

  1030. 		while ($row = $db->sql_fetchrow($result));
    1031. 

  1031. 

  1032. 		$banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
    1033. 

  1033. 

  1034. 		if (sizeof($banlist_ary_tmp))
    1035. 

  1035. 		{
    1036. 

  1036. 			// One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
    1037. 

  1037. 			$sql = 'DELETE FROM ' . BANLIST_TABLE . '
    1038. 

  1038. 				WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '
    1039. 

  1039. 					AND ban_exclude = ' . (int) $ban_exclude;
    1040. 

  1040. 			$db->sql_query($sql);
    1041. 

  1041. 		}
    1042. 

  1042. 

  1043. 		unset($banlist_ary_tmp);
    1044. 

  1044. 	}
    1045. 

  1045. 	$db->sql_freeresult($result);
    1046. 

  1046. 

  1047. 	// We have some entities to ban
    1048. 

  1048. 	if (sizeof($banlist_ary))
    1049. 

  1049. 	{
    1050. 

  1050. 		$sql_ary = array();
    1051. 

  1051. 

  1052. 		foreach ($banlist_ary as $ban_entry)
    1053. 

  1053. 		{
    1054. 

  1054. 			$sql_ary[] = array(
    1055. 

  1055. 				$type				=> $ban_entry,
    1056. 

  1056. 				'ban_start'			=> (int) $current_time,
    1057. 

  1057. 				'ban_end'			=> (int) $ban_end,
    1058. 

  1058. 				'ban_exclude'		=> (int) $ban_exclude,
    1059. 

  1059. 				'ban_reason'		=> (string) $ban_reason,
    1060. 

  1060. 				'ban_give_reason'	=> (string) $ban_give_reason,
    1061. 

  1061. 			);
    1062. 

  1062. 		}
    1063. 

  1063. 

  1064. 		$db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
    1065. 

  1065. 

  1066. 		// If we are banning we want to logout anyone matching the ban
    1067. 

  1067. 		if (!$ban_exclude)
    1068. 

  1068. 		{
    1069. 

  1069. 			switch ($mode)
    1070. 

  1070. 			{
    1071. 

  1071. 				case 'user':
    1072. 

  1072. 					$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
    1073. 

  1073. 				break;
    1074. 

  1074. 

  1075. 				case 'ip':
    1076. 

  1076. 					$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
    1077. 

  1077. 				break;
    1078. 

  1078. 

  1079. 				case 'email':
    1080. 

  1080. 					$banlist_ary_sql = array();
    1081. 

  1081. 

  1082. 					foreach ($banlist_ary as $ban_entry)
    1083. 

  1083. 					{
    1084. 

  1084. 						$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
    1085. 

  1085. 					}
    1086. 

  1086. 

  1087. 					$sql = 'SELECT user_id
    1088. 

  1088. 						FROM ' . USERS_TABLE . '
    1089. 

  1089. 						WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
    1090. 

  1090. 					$result = $db->sql_query($sql);
    1091. 

  1091. 

  1092. 					$sql_in = array();
    1093. 

  1093. 

  1094. 					if ($row = $db->sql_fetchrow($result))
    1095. 

  1095. 					{
    1096. 

  1096. 						do
    1097. 

  1097. 						{
    1098. 

  1098. 							$sql_in[] = $row['user_id'];
    1099. 

  1099. 						}
    1100. 

  1100. 						while ($row = $db->sql_fetchrow($result));
    1101. 

  1101. 

  1102. 						$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
    1103. 

  1103. 					}
    1104. 

  1104. 					$db->sql_freeresult($result);
    1105. 

  1105. 				break;
    1106. 

  1106. 			}
    1107. 

  1107. 

  1108. 			if (isset($sql_where) && $sql_where)
    1109. 

  1109. 			{
    1110. 

  1110. 				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
    1111. 

  1111. 					$sql_where";
    1112. 

  1112. 				$db->sql_query($sql);
    1113. 

  1113. 

  1114. 				if ($mode == 'user')
    1115. 

  1115. 				{
    1116. 

  1116. 					$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
    1117. 

  1117. 					$db->sql_query($sql);
    1118. 

  1118. 				}
    1119. 

  1119. 			}
    1120. 

  1120. 		}
    1121. 

  1121. 

  1122. 		// Update log
    1123. 

  1123. 		$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
    1124. 

  1124. 

  1125. 		// Add to moderator log, admin log and user notes
    1126. 

  1126. 		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
    1127. 

  1127. 		add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
    1128. 

  1128. 		if ($mode == 'user')
    1129. 

  1129. 		{
    1130. 

  1130. 			foreach ($banlist_ary as $user_id)
    1131. 

  1131. 			{
    1132. 

  1132. 				add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
    1133. 

  1133. 			}
    1134. 

  1134. 		}
    1135. 

  1135. 

  1136. 		$cache->destroy('sql', BANLIST_TABLE);
    1137. 

  1137. 

  1138. 		return true;
    1139. 

  1139. 	}
    1140. 

  1140. 

  1141. 	// There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
    1142. 

  1142. 	$cache->destroy('sql', BANLIST_TABLE);
    1143. 

  1143. 

  1144. 	return false;
    1145. 

  1145. }
    1146. 

  1146. 

  1147. /**
    1148. 

  1148. * Unban User
    1149. 

  1149. */
    1150. 

  1150. function user_unban($mode, $ban)
    1151. 

  1151. {
    1152. 

  1152. 	global $db, $user, $auth, $cache;
    1153. 

  1153. 

  1154. 	// Delete stale bans
    1155. 

  1155. 	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
    1156. 

  1156. 		WHERE ban_end < ' . time() . '
    1157. 

  1157. 			AND ban_end <> 0';
    1158. 

  1158. 	$db->sql_query($sql);
    1159. 

  1159. 

  1160. 	if (!is_array($ban))
    1161. 

  1161. 	{
    1162. 

  1162. 		$ban = array($ban);
    1163. 

  1163. 	}
    1164. 

  1164. 

  1165. 	$unban_sql = array_map('intval', $ban);
    1166. 

  1166. 

  1167. 	if (sizeof($unban_sql))
    1168. 

  1168. 	{
    1169. 

  1169. 		// Grab details of bans for logging information later
    1170. 

  1170. 		switch ($mode)
    1171. 

  1171. 		{
    1172. 

  1172. 			case 'user':
    1173. 

  1173. 				$sql = 'SELECT u.username AS unban_info, u.user_id
    1174. 

  1174. 					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
    1175. 

  1175. 					WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
    1176. 

  1176. 						AND u.user_id = b.ban_userid';
    1177. 

  1177. 			break;
    1178. 

  1178. 

  1179. 			case 'email':
    1180. 

  1180. 				$sql = 'SELECT ban_email AS unban_info
    1181. 

  1181. 					FROM ' . BANLIST_TABLE . '
    1182. 

  1182. 					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
    1183. 

  1183. 			break;
    1184. 

  1184. 

  1185. 			case 'ip':
    1186. 

  1186. 				$sql = 'SELECT ban_ip AS unban_info
    1187. 

  1187. 					FROM ' . BANLIST_TABLE . '
    1188. 

  1188. 					WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
    1189. 

  1189. 			break;
    1190. 

  1190. 		}
    1191. 

  1191. 		$result = $db->sql_query($sql);
    1192. 

  1192. 

  1193. 		$l_unban_list = '';
    1194. 

  1194. 		$user_ids_ary = array();
    1195. 

  1195. 		while ($row = $db->sql_fetchrow($result))
    1196. 

  1196. 		{
    1197. 

  1197. 			$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
    1198. 

  1198. 			if ($mode == 'user')
    1199. 

  1199. 			{
    1200. 

  1200. 				$user_ids_ary[] = $row['user_id'];
    1201. 

  1201. 			}
    1202. 

  1202. 		}
    1203. 

  1203. 		$db->sql_freeresult($result);
    1204. 

  1204. 

  1205. 		$sql = 'DELETE FROM ' . BANLIST_TABLE . '
    1206. 

  1206. 			WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
    1207. 

  1207. 		$db->sql_query($sql);
    1208. 

  1208. 

  1209. 		// Add to moderator log, admin log and user notes
    1210. 

  1210. 		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
    1211. 

  1211. 		add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
    1212. 

  1212. 		if ($mode == 'user')
    1213. 

  1213. 		{
    1214. 

  1214. 			foreach ($user_ids_ary as $user_id)
    1215. 

  1215. 			{
    1216. 

  1216. 				add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
    1217. 

  1217. 			}
    1218. 

  1218. 		}
    1219. 

  1219. 	}
    1220. 

  1220. 

  1221. 	$cache->destroy('sql', BANLIST_TABLE);
    1222. 

  1222. 

  1223. 	return false;
    1224. 

  1224. }
    1225. 

  1225. 

  1226. /**
    1227. 

  1227. * Internet Protocol Address Whois
    1228. 

  1228. * RFC3912: WHOIS Protocol Specification
    1229. 

  1229. *
    1230. 

  1230. * @param string $ip		Ip address, either IPv4 or IPv6.
    1231. 

  1231. *
    1232. 

  1232. * @return string		Empty string if not a valid ip address.
    1233. 

  1233. *						Otherwise make_clickable()'ed whois result.
    1234. 

  1234. */
    1235. 

  1235. function user_ipwhois($ip)
    1236. 

  1236. {
    1237. 

  1237. 	if (empty($ip))
    1238. 

  1238. 	{
    1239. 

  1239. 		return '';
    1240. 

  1240. 	}
    1241. 

  1241. 

  1242. 	if (preg_match(get_preg_expression('ipv4'), $ip))
    1243. 

  1243. 	{
    1244. 

  1244. 		// IPv4 address
    1245. 

  1245. 		$whois_host = 'whois.arin.net.';
    1246. 

  1246. 	}
    1247. 

  1247. 	else if (preg_match(get_preg_expression('ipv6'), $ip))
    1248. 

  1248. 	{
    1249. 

  1249. 		// IPv6 address
    1250. 

  1250. 		$whois_host = 'whois.sixxs.net.';
    1251. 

  1251. 	}
    1252. 

  1252. 	else
    1253. 

  1253. 	{
    1254. 

  1254. 		return '';
    1255. 

  1255. 	}
    1256. 

  1256. 

  1257. 	$ipwhois = '';
    1258. 

  1258. 

  1259. 	if (($fsk = @fsockopen($whois_host, 43)))
    1260. 

  1260. 	{
    1261. 

  1261. 		// CRLF as per RFC3912
    1262. 

  1262. 		fputs($fsk, "$ip\r\n");
    1263. 

  1263. 		while (!feof($fsk))
    1264. 

  1264. 		{
    1265. 

  1265. 			$ipwhois .= fgets($fsk, 1024);
    1266. 

  1266. 		}
    1267. 

  1267. 		@fclose($fsk);
    1268. 

  1268. 	}
    1269. 

  1269. 

  1270. 	$match = array();
    1271. 

  1271. 

  1272. 	// Test for referrals from $whois_host to other whois databases, roll on rwhois
    1273. 

  1273. 	if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
    1274. 

  1274. 	{
    1275. 

  1275. 		if (strpos($match[1], ':') !== false)
    1276. 

  1276. 		{
    1277. 

  1277. 			$pos	= strrpos($match[1], ':');
    1278. 

  1278. 			$server	= substr($match[1], 0, $pos);
    1279. 

  1279. 			$port	= (int) substr($match[1], $pos + 1);
    1280. 

  1280. 			unset($pos);
    1281. 

  1281. 		}
    1282. 

  1282. 		else
    1283. 

  1283. 		{
    1284. 

  1284. 			$server	= $match[1];
    1285. 

  1285. 			$port	= 43;
    1286. 

  1286. 		}
    1287. 

  1287. 

  1288. 		$buffer = '';
    1289. 

  1289. 

  1290. 		if (($fsk = @fsockopen($server, $port)))
    1291. 

  1291. 		{
    1292. 

  1292. 			fputs($fsk, "$ip\r\n");
    1293. 

  1293. 			while (!feof($fsk))
    1294. 

  1294. 			{
    1295. 

  1295. 				$buffer .= fgets($fsk, 1024);
    1296. 

  1296. 			}
    1297. 

  1297. 			@fclose($fsk);
    1298. 

  1298. 		}
    1299. 

  1299. 

  1300. 		// Use the result from $whois_host if we don't get any result here
    1301. 

  1301. 		$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
    1302. 

  1302. 	}
    1303. 

  1303. 

  1304. 	$ipwhois = htmlspecialchars($ipwhois);
    1305. 

  1305. 

  1306. 	// Magic URL ;)
    1307. 

  1307. 	return trim(make_clickable($ipwhois, false, ''));
    1308. 

  1308. }
    1309. 

  1309. 

  1310. /**
    1311. 

  1311. * Data validation ... used primarily but not exclusively by ucp modules
    1312. 

  1312. *
    1313. 

  1313. * "Master" function for validating a range of data types
    1314. 

  1314. */
    1315. 

  1315. function validate_data($data, $val_ary)
    1316. 

  1316. {
    1317. 

  1317. 	global $user;
    1318. 

  1318. 

  1319. 	$error = array();
    1320. 

  1320. 

  1321. 	foreach ($val_ary as $var => $val_seq)
    1322. 

  1322. 	{
    1323. 

  1323. 		if (!is_array($val_seq[0]))
    1324. 

  1324. 		{
    1325. 

  1325. 			$val_seq = array($val_seq);
    1326. 

  1326. 		}
    1327. 

  1327. 

  1328. 		foreach ($val_seq as $validate)
    1329. 

  1329. 		{
    1330. 

  1330. 			$function = array_shift($validate);
    1331. 

  1331. 			array_unshift($validate, $data[$var]);
    1332. 

  1332. 

  1333. 			if (is_array($function))
    1334. 

  1334. 			{
    1335. 

  1335. 				$result = call_user_func_array(array($function[0], 'validate_' . $function[1]), $validate);
    1336. 

  1336. 			}
    1337. 

  1337. 			else
    1338. 

  1338. 			{
    1339. 

  1339. 				$function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_';
    1340. 

  1340. 				$result = call_user_func_array($function_prefix . $function, $validate);
    1341. 

  1341. 			}
    1342. 

  1342. 

  1343. 			if ($result)
    1344. 

  1344. 			{
    1345. 

  1345. 				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
    1346. 

  1346. 				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
    1347. 

  1347. 			}
    1348. 

  1348. 		}
    1349. 

  1349. 	}
    1350. 

  1350. 

  1351. 	return $error;
    1352. 

  1352. }
    1353. 

  1353. 

  1354. /**
    1355. 

  1355. * Validate String
    1356. 

  1356. *
    1357. 

  1357. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1358. 

  1358. */
    1359. 

  1359. function validate_string($string, $optional = false, $min = 0, $max = 0)
    1360. 

  1360. {
    1361. 

  1361. 	if (empty($string) && $optional)
    1362. 

  1362. 	{
    1363. 

  1363. 		return false;
    1364. 

  1364. 	}
    1365. 

  1365. 

  1366. 	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
    1367. 

  1367. 	{
    1368. 

  1368. 		return 'TOO_SHORT';
    1369. 

  1369. 	}
    1370. 

  1370. 	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
    1371. 

  1371. 	{
    1372. 

  1372. 		return 'TOO_LONG';
    1373. 

  1373. 	}
    1374. 

  1374. 

  1375. 	return false;
    1376. 

  1376. }
    1377. 

  1377. 

  1378. /**
    1379. 

  1379. * Validate Number
    1380. 

  1380. *
    1381. 

  1381. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1382. 

  1382. */
    1383. 

  1383. function validate_num($num, $optional = false, $min = 0, $max = 1E99)
    1384. 

  1384. {
    1385. 

  1385. 	if (empty($num) && $optional)
    1386. 

  1386. 	{
    1387. 

  1387. 		return false;
    1388. 

  1388. 	}
    1389. 

  1389. 

  1390. 	if ($num < $min)
    1391. 

  1391. 	{
    1392. 

  1392. 		return 'TOO_SMALL';
    1393. 

  1393. 	}
    1394. 

  1394. 	else if ($num > $max)
    1395. 

  1395. 	{
    1396. 

  1396. 		return 'TOO_LARGE';
    1397. 

  1397. 	}
    1398. 

  1398. 

  1399. 	return false;
    1400. 

  1400. }
    1401. 

  1401. 

  1402. /**
    1403. 

  1403. * Validate Date
    1404. 

  1404. * @param String $string a date in the dd-mm-yyyy format
    1405. 

  1405. * @return	boolean
    1406. 

  1406. */
    1407. 

  1407. function validate_date($date_string, $optional = false)
    1408. 

  1408. {
    1409. 

  1409. 	$date = explode('-', $date_string);
    1410. 

  1410. 	if ((empty($date) || sizeof($date) != 3) && $optional)
    1411. 

  1411. 	{
    1412. 

  1412. 		return false;
    1413. 

  1413. 	}
    1414. 

  1414. 	else if ($optional)
    1415. 

  1415. 	{
    1416. 

  1416. 		for ($field = 0; $field <= 1; $field++)
    1417. 

  1417. 		{
    1418. 

  1418. 			$date[$field] = (int) $date[$field];
    1419. 

  1419. 			if (empty($date[$field]))
    1420. 

  1420. 			{
    1421. 

  1421. 				$date[$field] = 1;
    1422. 

  1422. 			}
    1423. 

  1423. 		}
    1424. 

  1424. 		$date[2] = (int) $date[2];
    1425. 

  1425. 		// assume an arbitrary leap year
    1426. 

  1426. 		if (empty($date[2]))
    1427. 

  1427. 		{
    1428. 

  1428. 			$date[2] = 1980;
    1429. 

  1429. 		}
    1430. 

  1430. 	}
    1431. 

  1431. 

  1432. 	if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
    1433. 

  1433. 	{
    1434. 

  1434. 		return 'INVALID';
    1435. 

  1435. 	}
    1436. 

  1436. 

  1437. 	return false;
    1438. 

  1438. }
    1439. 

  1439. 

  1440. 

  1441. /**
    1442. 

  1442. * Validate Match
    1443. 

  1443. *
    1444. 

  1444. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1445. 

  1445. */
    1446. 

  1446. function validate_match($string, $optional = false, $match = '')
    1447. 

  1447. {
    1448. 

  1448. 	if (empty($string) && $optional)
    1449. 

  1449. 	{
    1450. 

  1450. 		return false;
    1451. 

  1451. 	}
    1452. 

  1452. 

  1453. 	if (empty($match))
    1454. 

  1454. 	{
    1455. 

  1455. 		return false;
    1456. 

  1456. 	}
    1457. 

  1457. 

  1458. 	if (!preg_match($match, $string))
    1459. 

  1459. 	{
    1460. 

  1460. 		return 'WRONG_DATA';
    1461. 

  1461. 	}
    1462. 

  1462. 

  1463. 	return false;
    1464. 

  1464. }
    1465. 

  1465. 

  1466. /**
    1467. 

  1467. * Validate Language Pack ISO Name
    1468. 

  1468. *
    1469. 

  1469. * Tests whether a language name is valid and installed
    1470. 

  1470. *
    1471. 

  1471. * @param string $lang_iso	The language string to test
    1472. 

  1472. *
    1473. 

  1473. * @return bool|string		Either false if validation succeeded or
    1474. 

  1474. *							a string which will be used as the error message
    1475. 

  1475. *							(with the variable name appended)
    1476. 

  1476. */
    1477. 

  1477. function validate_language_iso_name($lang_iso)
    1478. 

  1478. {
    1479. 

  1479. 	global $db;
    1480. 

  1480. 

  1481. 	$sql = 'SELECT lang_id
    1482. 

  1482. 		FROM ' . LANG_TABLE . "
    1483. 

  1483. 		WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
    1484. 

  1484. 	$result = $db->sql_query($sql);
    1485. 

  1485. 	$lang_id = (int) $db->sql_fetchfield('lang_id');
    1486. 

  1486. 	$db->sql_freeresult($result);
    1487. 

  1487. 

  1488. 	return ($lang_id) ? false : 'WRONG_DATA';
    1489. 

  1489. }
    1490. 

  1490. 

  1491. /**
    1492. 

  1492. * Validate Timezone Name
    1493. 

  1493. *
    1494. 

  1494. * Tests whether a timezone name is valid
    1495. 

  1495. *
    1496. 

  1496. * @param string $timezone	The timezone string to test
    1497. 

  1497. *
    1498. 

  1498. * @return bool|string		Either false if validation succeeded or
    1499. 

  1499. *							a string which will be used as the error message
    1500. 

  1500. *							(with the variable name appended)
    1501. 

  1501. */
    1502. 

  1502. function phpbb_validate_timezone($timezone)
    1503. 

  1503. {
    1504. 

  1504. 	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
    1505. 

  1505. }
    1506. 

  1506. 

  1507. /**
    1508. 

  1508. * Check to see if the username has been taken, or if it is disallowed.
    1509. 

  1509. * Also checks if it includes the " character, which we don't allow in usernames.
    1510. 

  1510. * Used for registering, changing names, and posting anonymously with a username
    1511. 

  1511. *
    1512. 

  1512. * @param string $username The username to check
    1513. 

  1513. * @param string $allowed_username An allowed username, default being $user->data['username']
    1514. 

  1514. *
    1515. 

  1515. * @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1516. 

  1516. */
    1517. 

  1517. function validate_username($username, $allowed_username = false)
    1518. 

  1518. {
    1519. 

  1519. 	global $config, $db, $user, $cache;
    1520. 

  1520. 

  1521. 	$clean_username = utf8_clean_string($username);
    1522. 

  1522. 	$allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
    1523. 

  1523. 

  1524. 	if ($allowed_username == $clean_username)
    1525. 

  1525. 	{
    1526. 

  1526. 		return false;
    1527. 

  1527. 	}
    1528. 

  1528. 

  1529. 	// ... fast checks first.
    1530. 

  1530. 	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
    1531. 

  1531. 	{
    1532. 

  1532. 		return 'INVALID_CHARS';
    1533. 

  1533. 	}
    1534. 

  1534. 

  1535. 	$mbstring = $pcre = false;
    1536. 

  1536. 

  1537. 	// generic UTF-8 character types supported?
    1538. 

  1538. 	if (phpbb_pcre_utf8_support())
    1539. 

  1539. 	{
    1540. 

  1540. 		$pcre = true;
    1541. 

  1541. 	}
    1542. 

  1542. 	else if (function_exists('mb_ereg_match'))
    1543. 

  1543. 	{
    1544. 

  1544. 		mb_regex_encoding('UTF-8');
    1545. 

  1545. 		$mbstring = true;
    1546. 

  1546. 	}
    1547. 

  1547. 

  1548. 	switch ($config['allow_name_chars'])
    1549. 

  1549. 	{
    1550. 

  1550. 		case 'USERNAME_CHARS_ANY':
    1551. 

  1551. 			$pcre = true;
    1552. 

  1552. 			$regex = '.+';
    1553. 

  1553. 		break;
    1554. 

  1554. 

  1555. 		case 'USERNAME_ALPHA_ONLY':
    1556. 

  1556. 			$pcre = true;
    1557. 

  1557. 			$regex = '[A-Za-z0-9]+';
    1558. 

  1558. 		break;
    1559. 

  1559. 

  1560. 		case 'USERNAME_ALPHA_SPACERS':
    1561. 

  1561. 			$pcre = true;
    1562. 

  1562. 			$regex = '[A-Za-z0-9-[\]_+ ]+';
    1563. 

  1563. 		break;
    1564. 

  1564. 

  1565. 		case 'USERNAME_LETTER_NUM':
    1566. 

  1566. 			if ($pcre)
    1567. 

  1567. 			{
    1568. 

  1568. 				$regex = '[\p{Lu}\p{Ll}\p{N}]+';
    1569. 

  1569. 			}
    1570. 

  1570. 			else if ($mbstring)
    1571. 

  1571. 			{
    1572. 

  1572. 				$regex = '[[:upper:][:lower:][:digit:]]+';
    1573. 

  1573. 			}
    1574. 

  1574. 			else
    1575. 

  1575. 			{
    1576. 

  1576. 				$pcre = true;
    1577. 

  1577. 				$regex = '[a-zA-Z0-9]+';
    1578. 

  1578. 			}
    1579. 

  1579. 		break;
    1580. 

  1580. 

  1581. 		case 'USERNAME_LETTER_NUM_SPACERS':
    1582. 

  1582. 			if ($pcre)
    1583. 

  1583. 			{
    1584. 

  1584. 				$regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
    1585. 

  1585. 			}
    1586. 

  1586. 			else if ($mbstring)
    1587. 

  1587. 			{
    1588. 

  1588. 				$regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
    1589. 

  1589. 			}
    1590. 

  1590. 			else
    1591. 

  1591. 			{
    1592. 

  1592. 				$pcre = true;
    1593. 

  1593. 				$regex = '[-\]_+ [a-zA-Z0-9]+';
    1594. 

  1594. 			}
    1595. 

  1595. 		break;
    1596. 

  1596. 

  1597. 		case 'USERNAME_ASCII':
    1598. 

  1598. 		default:
    1599. 

  1599. 			$pcre = true;
    1600. 

  1600. 			$regex = '[\x01-\x7F]+';
    1601. 

  1601. 		break;
    1602. 

  1602. 	}
    1603. 

  1603. 

  1604. 	if ($pcre)
    1605. 

  1605. 	{
    1606. 

  1606. 		if (!preg_match('#^' . $regex . '$#u', $username))
    1607. 

  1607. 		{
    1608. 

  1608. 			return 'INVALID_CHARS';
    1609. 

  1609. 		}
    1610. 

  1610. 	}
    1611. 

  1611. 	else if ($mbstring)
    1612. 

  1612. 	{
    1613. 

  1613. 		mb_ereg_search_init($username, '^' . $regex . '$');
    1614. 

  1614. 		if (!mb_ereg_search())
    1615. 

  1615. 		{
    1616. 

  1616. 			return 'INVALID_CHARS';
    1617. 

  1617. 		}
    1618. 

  1618. 	}
    1619. 

  1619. 

  1620. 	$sql = 'SELECT username
    1621. 

  1621. 		FROM ' . USERS_TABLE . "
    1622. 

  1622. 		WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
    1623. 

  1623. 	$result = $db->sql_query($sql);
    1624. 

  1624. 	$row = $db->sql_fetchrow($result);
    1625. 

  1625. 	$db->sql_freeresult($result);
    1626. 

  1626. 

  1627. 	if ($row)
    1628. 

  1628. 	{
    1629. 

  1629. 		return 'USERNAME_TAKEN';
    1630. 

  1630. 	}
    1631. 

  1631. 

  1632. 	$sql = 'SELECT group_name
    1633. 

  1633. 		FROM ' . GROUPS_TABLE . "
    1634. 

  1634. 		WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
    1635. 

  1635. 	$result = $db->sql_query($sql);
    1636. 

  1636. 	$row = $db->sql_fetchrow($result);
    1637. 

  1637. 	$db->sql_freeresult($result);
    1638. 

  1638. 

  1639. 	if ($row)
    1640. 

  1640. 	{
    1641. 

  1641. 		return 'USERNAME_TAKEN';
    1642. 

  1642. 	}
    1643. 

  1643. 

  1644. 	$bad_usernames = $cache->obtain_disallowed_usernames();
    1645. 

  1645. 

  1646. 	foreach ($bad_usernames as $bad_username)
    1647. 

  1647. 	{
    1648. 

  1648. 		if (preg_match('#^' . $bad_username . '$#', $clean_username))
    1649. 

  1649. 		{
    1650. 

  1650. 			return 'USERNAME_DISALLOWED';
    1651. 

  1651. 		}
    1652. 

  1652. 	}
    1653. 

  1653. 

  1654. 	return false;
    1655. 

  1655. }
    1656. 

  1656. 

  1657. /**
    1658. 

  1658. * Check to see if the password meets the complexity settings
    1659. 

  1659. *
    1660. 

  1660. * @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1661. 

  1661. */
    1662. 

  1662. function validate_password($password)
    1663. 

  1663. {
    1664. 

  1664. 	global $config;
    1665. 

  1665. 

  1666. 	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
    1667. 

  1667. 	{
    1668. 

  1668. 		// Password empty or no password complexity required.
    1669. 

  1669. 		return false;
    1670. 

  1670. 	}
    1671. 

  1671. 

  1672. 	$pcre = $mbstring = false;
    1673. 

  1673. 

  1674. 	// generic UTF-8 character types supported?
    1675. 

  1675. 	if (phpbb_pcre_utf8_support())
    1676. 

  1676. 	{
    1677. 

  1677. 		$upp = '\p{Lu}';
    1678. 

  1678. 		$low = '\p{Ll}';
    1679. 

  1679. 		$num = '\p{N}';
    1680. 

  1680. 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
    1681. 

  1681. 		$pcre = true;
    1682. 

  1682. 	}
    1683. 

  1683. 	else if (function_exists('mb_ereg_match'))
    1684. 

  1684. 	{
    1685. 

  1685. 		mb_regex_encoding('UTF-8');
    1686. 

  1686. 		$upp = '[[:upper:]]';
    1687. 

  1687. 		$low = '[[:lower:]]';
    1688. 

  1688. 		$num = '[[:digit:]]';
    1689. 

  1689. 		$sym = '[^[:upper:][:lower:][:digit:]]';
    1690. 

  1690. 		$mbstring = true;
    1691. 

  1691. 	}
    1692. 

  1692. 	else
    1693. 

  1693. 	{
    1694. 

  1694. 		$upp = '[A-Z]';
    1695. 

  1695. 		$low = '[a-z]';
    1696. 

  1696. 		$num = '[0-9]';
    1697. 

  1697. 		$sym = '[^A-Za-z0-9]';
    1698. 

  1698. 		$pcre = true;
    1699. 

  1699. 	}
    1700. 

  1700. 

  1701. 	$chars = array();
    1702. 

  1702. 

  1703. 	switch ($config['pass_complex'])
    1704. 

  1704. 	{
    1705. 

  1705. 		// No break statements below ...
    1706. 

  1706. 		// We require strong passwords in case pass_complex is not set or is invalid
    1707. 

  1707. 		default:
    1708. 

  1708. 

  1709. 		// Require mixed case letters, numbers and symbols
    1710. 

  1710. 		case 'PASS_TYPE_SYMBOL':
    1711. 

  1711. 			$chars[] = $sym;
    1712. 

  1712. 

  1713. 		// Require mixed case letters and numbers
    1714. 

  1714. 		case 'PASS_TYPE_ALPHA':
    1715. 

  1715. 			$chars[] = $num;
    1716. 

  1716. 

  1717. 		// Require mixed case letters
    1718. 

  1718. 		case 'PASS_TYPE_CASE':
    1719. 

  1719. 			$chars[] = $low;
    1720. 

  1720. 			$chars[] = $upp;
    1721. 

  1721. 	}
    1722. 

  1722. 

  1723. 	if ($pcre)
    1724. 

  1724. 	{
    1725. 

  1725. 		foreach ($chars as $char)
    1726. 

  1726. 		{
    1727. 

  1727. 			if (!preg_match('#' . $char . '#u', $password))
    1728. 

  1728. 			{
    1729. 

  1729. 				return 'INVALID_CHARS';
    1730. 

  1730. 			}
    1731. 

  1731. 		}
    1732. 

  1732. 	}
    1733. 

  1733. 	else if ($mbstring)
    1734. 

  1734. 	{
    1735. 

  1735. 		foreach ($chars as $char)
    1736. 

  1736. 		{
    1737. 

  1737. 			if (mb_ereg($char, $password) === false)
    1738. 

  1738. 			{
    1739. 

  1739. 				return 'INVALID_CHARS';
    1740. 

  1740. 			}
    1741. 

  1741. 		}
    1742. 

  1742. 	}
    1743. 

  1743. 

  1744. 	return false;
    1745. 

  1745. }
    1746. 

  1746. 

  1747. /**
    1748. 

  1748. * Check to see if email address is a valid address and contains a MX record
    1749. 

  1749. *
    1750. 

  1750. * @param string $email The email to check
    1751. 

  1751. *
    1752. 

  1752. * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1753. 

  1753. */
    1754. 

  1754. function phpbb_validate_email($email, $config = null)
    1755. 

  1755. {
    1756. 

  1756. 	if ($config === null)
    1757. 

  1757. 	{
    1758. 

  1758. 		global $config;
    1759. 

  1759. 	}
    1760. 

  1760. 

  1761. 	$email = strtolower($email);
    1762. 

  1762. 

  1763. 	if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
    1764. 

  1764. 	{
    1765. 

  1765. 		return 'EMAIL_INVALID';
    1766. 

  1766. 	}
    1767. 

  1767. 

  1768. 	// Check MX record.
    1769. 

  1769. 	// The idea for this is from reading the UseBB blog/announcement. :)
    1770. 

  1770. 	if ($config['email_check_mx'])
    1771. 

  1771. 	{
    1772. 

  1772. 		list(, $domain) = explode('@', $email);
    1773. 

  1773. 

  1774. 		if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
    1775. 

  1775. 		{
    1776. 

  1776. 			return 'DOMAIN_NO_MX_RECORD';
    1777. 

  1777. 		}
    1778. 

  1778. 	}
    1779. 

  1779. 

  1780. 	return false;
    1781. 

  1781. }
    1782. 

  1782. 

  1783. /**
    1784. 

  1784. * Check to see if email address is banned or already present in the DB
    1785. 

  1785. *
    1786. 

  1786. * @param string $email The email to check
    1787. 

  1787. * @param string $allowed_email An allowed email, default being $user->data['user_email']
    1788. 

  1788. *
    1789. 

  1789. * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
    1790. 

  1790. */
    1791. 

  1791. function validate_user_email($email, $allowed_email = false)
    1792. 

  1792. {
    1793. 

  1793. 	global $config, $db, $user;
    1794. 

  1794. 

  1795. 	$email = strtolower($email);
    1796. 

  1796. 	$allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
    1797. 

  1797. 

  1798. 	if ($allowed_email == $email)
    1799. 

  1799. 	{
    1800. 

  1800. 		return false;
    1801. 

  1801. 	}
    1802. 

  1802. 

  1803. 	$validate_email = phpbb_validate_email($email, $config);
    1804. 

  1804. 	if ($validate_email)
    1805. 

  1805. 	{
    1806. 

  1806. 		return $validate_email;
    1807. 

  1807. 	}
    1808. 

  1808. 

  1809. 	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
    1810. 

  1810. 	{
    1811. 

  1811. 		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
    1812. 

  1812. 	}
    1813. 

  1813. 

  1814. 	if (!$config['allow_emailreuse'])
    1815. 

  1815. 	{
    1816. 

  1816. 		$sql = 'SELECT user_email_hash
    1817. 

  1817. 			FROM ' . USERS_TABLE . "
    1818. 

  1818. 			WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
    1819. 

  1819. 		$result = $db->sql_query($sql);
    1820. 

  1820. 		$row = $db->sql_fetchrow($result);
    1821. 

  1821. 		$db->sql_freeresult($result);
    1822. 

  1822. 

  1823. 		if ($row)
    1824. 

  1824. 		{
    1825. 

  1825. 			return 'EMAIL_TAKEN';
    1826. 

  1826. 		}
    1827. 

  1827. 	}
    1828. 

  1828. 

  1829. 	return false;
    1830. 

  1830. }
    1831. 

  1831. 

  1832. /**
    1833. 

  1833. * Validate jabber address
    1834. 

  1834. * Taken from the jabber class within flyspray (see author notes)
    1835. 

  1835. *
    1836. 

  1836. * @author flyspray.org
    1837. 

  1837. */
    1838. 

  1838. function validate_jabber($jid)
    1839. 

  1839. {
    1840. 

  1840. 	if (!$jid)
    1841. 

  1841. 	{
    1842. 

  1842. 		return false;
    1843. 

  1843. 	}
    1844. 

  1844. 

  1845. 	$separator_pos = strpos($jid, '@');
    1846. 

  1846. 

  1847. 	if ($separator_pos === false)
    1848. 

  1848. 	{
    1849. 

  1849. 		return 'WRONG_DATA';
    1850. 

  1850. 	}
    1851. 

  1851. 

  1852. 	$username = substr($jid, 0, $separator_pos);
    1853. 

  1853. 	$realm = substr($jid, $separator_pos + 1);
    1854. 

  1854. 

  1855. 	if (strlen($username) == 0 || strlen($realm) < 3)
    1856. 

  1856. 	{
    1857. 

  1857. 		return 'WRONG_DATA';
    1858. 

  1858. 	}
    1859. 

  1859. 

  1860. 	$arr = explode('.', $realm);
    1861. 

  1861. 

  1862. 	if (sizeof($arr) == 0)
    1863. 

  1863. 	{
    1864. 

  1864. 		return 'WRONG_DATA';
    1865. 

  1865. 	}
    1866. 

  1866. 

  1867. 	foreach ($arr as $part)
    1868. 

  1868. 	{
    1869. 

  1869. 		if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
    1870. 

  1870. 		{
    1871. 

  1871. 			return 'WRONG_DATA';
    1872. 

  1872. 		}
    1873. 

  1873. 

  1874. 		if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
    1875. 

  1875. 		{
    1876. 

  1876. 			return 'WRONG_DATA';
    1877. 

  1877. 		}
    1878. 

  1878. 	}
    1879. 

  1879. 

  1880. 	$boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
    1881. 

  1881. 

  1882. 	// Prohibited Characters RFC3454 + RFC3920
    1883. 

  1883. 	$prohibited = array(
    1884. 

  1884. 		// Table C.1.1
    1885. 

  1885. 		array(0x0020, 0x0020),		// SPACE
    1886. 

  1886. 		// Table C.1.2
    1887. 

  1887. 		array(0x00A0, 0x00A0),		// NO-BREAK SPACE
    1888. 

  1888. 		array(0x1680, 0x1680),		// OGHAM SPACE MARK
    1889. 

  1889. 		array(0x2000, 0x2001),		// EN QUAD
    1890. 

  1890. 		array(0x2001, 0x2001),		// EM QUAD
    1891. 

  1891. 		array(0x2002, 0x2002),		// EN SPACE
    1892. 

  1892. 		array(0x2003, 0x2003),		// EM SPACE
    1893. 

  1893. 		array(0x2004, 0x2004),		// THREE-PER-EM SPACE
    1894. 

  1894. 		array(0x2005, 0x2005),		// FOUR-PER-EM SPACE
    1895. 

  1895. 		array(0x2006, 0x2006),		// SIX-PER-EM SPACE
    1896. 

  1896. 		array(0x2007, 0x2007),		// FIGURE SPACE
    1897. 

  1897. 		array(0x2008, 0x2008),		// PUNCTUATION SPACE
    1898. 

  1898. 		array(0x2009, 0x2009),		// THIN SPACE
    1899. 

  1899. 		array(0x200A, 0x200A),		// HAIR SPACE
    1900. 

  1900. 		array(0x200B, 0x200B),		// ZERO WIDTH SPACE
    1901. 

  1901. 		array(0x202F, 0x202F),		// NARROW NO-BREAK SPACE
    1902. 

  1902. 		array(0x205F, 0x205F),		// MEDIUM MATHEMATICAL SPACE
    1903. 

  1903. 		array(0x3000, 0x3000),		// IDEOGRAPHIC SPACE
    1904. 

  1904. 		// Table C.2.1
    1905. 

  1905. 		array(0x0000, 0x001F),		// [CONTROL CHARACTERS]
    1906. 

  1906. 		array(0x007F, 0x007F),		// DELETE
    1907. 

  1907. 		// Table C.2.2
    1908. 

  1908. 		array(0x0080, 0x009F),		// [CONTROL CHARACTERS]
    1909. 

  1909. 		array(0x06DD, 0x06DD),		// ARABIC END OF AYAH
    1910. 

  1910. 		array(0x070F, 0x070F),		// SYRIAC ABBREVIATION MARK
    1911. 

  1911. 		array(0x180E, 0x180E),		// MONGOLIAN VOWEL SEPARATOR
    1912. 

  1912. 		array(0x200C, 0x200C), 		// ZERO WIDTH NON-JOINER
    1913. 

  1913. 		array(0x200D, 0x200D),		// ZERO WIDTH JOINER
    1914. 

  1914. 		array(0x2028, 0x2028),		// LINE SEPARATOR
    1915. 

  1915. 		array(0x2029, 0x2029),		// PARAGRAPH SEPARATOR
    1916. 

  1916. 		array(0x2060, 0x2060),		// WORD JOINER
    1917. 

  1917. 		array(0x2061, 0x2061),		// FUNCTION APPLICATION
    1918. 

  1918. 		array(0x2062, 0x2062),		// INVISIBLE TIMES
    1919. 

  1919. 		array(0x2063, 0x2063),		// INVISIBLE SEPARATOR
    1920. 

  1920. 		array(0x206A, 0x206F),		// [CONTROL CHARACTERS]
    1921. 

  1921. 		array(0xFEFF, 0xFEFF),		// ZERO WIDTH NO-BREAK SPACE
    1922. 

  1922. 		array(0xFFF9, 0xFFFC),		// [CONTROL CHARACTERS]
    1923. 

  1923. 		array(0x1D173, 0x1D17A),	// [MUSICAL CONTROL CHARACTERS]
    1924. 

  1924. 		// Table C.3
    1925. 

  1925. 		array(0xE000, 0xF8FF),		// [PRIVATE USE, PLANE 0]
    1926. 

  1926. 		array(0xF0000, 0xFFFFD),	// [PRIVATE USE, PLANE 15]
    1927. 

  1927. 		array(0x100000, 0x10FFFD),	// [PRIVATE USE, PLANE 16]
    1928. 

  1928. 		// Table C.4
    1929. 

  1929. 		array(0xFDD0, 0xFDEF),		// [NONCHARACTER CODE POINTS]
    1930. 

  1930. 		array(0xFFFE, 0xFFFF),		// [NONCHARACTER CODE POINTS]
    1931. 

  1931. 		array(0x1FFFE, 0x1FFFF),	// [NONCHARACTER CODE POINTS]
    1932. 

  1932. 		array(0x2FFFE, 0x2FFFF),	// [NONCHARACTER CODE POINTS]
    1933. 

  1933. 		array(0x3FFFE, 0x3FFFF),	// [NONCHARACTER CODE POINTS]
    1934. 

  1934. 		array(0x4FFFE, 0x4FFFF),	// [NONCHARACTER CODE POINTS]
    1935. 

  1935. 		array(0x5FFFE, 0x5FFFF),	// [NONCHARACTER CODE POINTS]
    1936. 

  1936. 		array(0x6FFFE, 0x6FFFF),	// [NONCHARACTER CODE POINTS]
    1937. 

  1937. 		array(0x7FFFE, 0x7FFFF),	// [NONCHARACTER CODE POINTS]
    1938. 

  1938. 		array(0x8FFFE, 0x8FFFF),	// [NONCHARACTER CODE POINTS]
    1939. 

  1939. 		array(0x9FFFE, 0x9FFFF),	// [NONCHARACTER CODE POINTS]
    1940. 

  1940. 		array(0xAFFFE, 0xAFFFF),	// [NONCHARACTER CODE POINTS]
    1941. 

  1941. 		array(0xBFFFE, 0xBFFFF),	// [NONCHARACTER CODE POINTS]
    1942. 

  1942. 		array(0xCFFFE, 0xCFFFF),	// [NONCHARACTER CODE POINTS]
    1943. 

  1943. 		array(0xDFFFE, 0xDFFFF),	// [NONCHARACTER CODE POINTS]
    1944. 

  1944. 		array(0xEFFFE, 0xEFFFF),	// [NONCHARACTER CODE POINTS]
    1945. 

  1945. 		array(0xFFFFE, 0xFFFFF),	// [NONCHAR…
    1946.

Large files files are truncated, but you can click here to view the full file